CVE-2026-45810
- EPSS 0.25%
- Veröffentlicht 01.06.2026 17:13:21
- Zuletzt bearbeitet 04.06.2026 16:51:19
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read th...
CVE-2026-45691
- EPSS 0.29%
- Veröffentlicht 01.06.2026 17:09:48
- Zuletzt bearbeitet 04.06.2026 16:50:50
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie (created after successful password authentication but before TOTP completion)...
CVE-2026-45690
- EPSS 0.29%
- Veröffentlicht 01.06.2026 17:08:04
- Zuletzt bearbeitet 04.06.2026 16:50:29
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed attackers with knowledge of a user's password to circum...
CVE-2026-45285
- EPSS 0.29%
- Veröffentlicht 01.06.2026 16:57:50
- Zuletzt bearbeitet 03.06.2026 20:34:52
Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user shares a folder or file with a Nextcloud Team that includes an external member (a person added via email addre...
CVE-2026-45283
- EPSS 0.21%
- Veröffentlicht 01.06.2026 16:53:50
- Zuletzt bearbeitet 03.06.2026 17:02:29
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the files_lock app did not properly validate the ownership of files when processing DAV lock and unloc...
CVE-2026-45282
- EPSS 0.29%
- Veröffentlicht 01.06.2026 16:53:18
- Zuletzt bearbeitet 03.06.2026 17:09:13
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumve...
CVE-2026-45281
- EPSS 0.28%
- Veröffentlicht 01.06.2026 16:52:57
- Zuletzt bearbeitet 03.06.2026 17:11:29
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an attacker could possibly send a request to gain ful...
CVE-2026-45279
- EPSS 0.39%
- Veröffentlicht 01.06.2026 16:52:18
- Zuletzt bearbeitet 03.06.2026 17:15:56
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if {lang} is used in the template directory config value, non-admin users can in some cases copy arbi...
CVE-2025-64011
- EPSS 0.24%
- Veröffentlicht 12.12.2025 00:00:00
- Zuletzt bearbeitet 19.12.2025 15:47:19
Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter. This allow...
CVE-2025-66552
- EPSS 0.27%
- Veröffentlicht 05.12.2025 16:36:39
- Zuletzt bearbeitet 10.12.2025 15:14:47
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to not properly log all actions on files and folders i...